23 matches found

EUVD
added 2026/05/22 12:31 a.m. · 13 views

EUVD-2026-31364

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminated employee) can still authenticate via OAuth and receive valid API tokens. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o...

CVSS 2.3 · AI score 5.8 · EPSS 0.00172
Exploits: 0 · References: 2
Positive Technologies
added 2026/05/21 12:0 a.m. · 21 views

PT-2026-42557

Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1 Description: The OAuth 2.0 Authorization-Code Handler fails to verify account status. This allows users who are suspended, banned, or terminated employees, specifically those with the uIsActive variable set ...

CVSS 2.3 · AI score 5.8 · EPSS 0.00172
Exploits: 0 · References: 4
RedhatCVE
added 2026/01/09 10:33 a.m. · 9 views

CVE-2017-18443

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding SEC-247...

CVSS 5.8 · AI score 7 · EPSS 0.00767
Exploits: 0 · References: 1
OSV
added 2025/10/15 8:44 a.m. · 2 views

BIT-MASTODON-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...

CVSS 4.3 · AI score 6.7 · EPSS 0.00209
Exploits: 0 · References: 3
Cvelist
added 2025/10/13 8:59 p.m. · 8 views

CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...

CVSS 4.3 · EPSS 0.00209
Exploits: 0 · References: 2
CVE
added 2025/10/13 8:59 p.m. · 14 views

CVE-2025-62175

Mastodon has a vulnerability in streaming API handling: in versions < 4.4.6, < 4.3.14, and

CVSS 4.3 · AI score 6.3 · EPSS 0.00209
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2025/10/13 8:59 p.m. · 3 views

CVE-2025-62175 Mastodon streaming API fails to disconnect disabled and suspended users

Mastodon is a free, open-source social network server based on ActivityPub. In versions before 4.4.6, 4.3.14, and 4.2.27, disabling or suspending a user account does not disconnect the account from the streaming API. This allows disabled or suspended accounts to continue receiving real-time updat...

CVSS 4.3 · AI score 6.3 · EPSS 0.00209
Exploits: 0 · References: 2
CNNVD
added 2025/10/13 12:0 a.m. · 4 views

Mastodon security vulnerability

Mastodon is an open source social networking server based on ActivityPub by Mastodon Open Source. A security vulnerability exists in Mastodon versions prior to 4.4.6, prior to 4.3.14, and prior to 4.2.27, which stems from failing to disconnect from the Streaming API when disabling or suspending a...

CVSS 4.3 · AI score 6.5 · EPSS 0.00209
Exploits: 0 · References: 3
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2017-9559

Malware in sbrugna...

CVSS 5.8 · AI score 5.9 · EPSS 0.00767
Exploits: 0 · References: 2
EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2007-2588

Malware in sbrugna...

CVSS 6.5 · AI score 6.4 · EPSS 0.01108
Exploits: 0 · References: 5
Ubuntu
added 2024/04/30 7:33 a.m. · 23 views

USN-6761-1: Anope vulnerability

It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...

CVSS 5.3 · AI score 5.8 · EPSS 0.00491
Exploits: 1
OSV
added 2024/04/30 7:33 a.m. · 13 views

USN-6761-1 anope vulnerability

It was discovered that Anope did not properly process credentials for suspended accounts. An attacker could possibly use this issue to normally login to the platform as a suspended user after changing their password...

CVSS 5.3 · AI score 5.8 · EPSS 0.00491
Exploits: 1 · References: 2
OSV
added 2024/03/25 8:15 a.m. · 3 views

DEBIAN-CVE-2024-30187

Anope before 2.0.15 does not prevent resetting the password of a suspended account...

CVSS 5.3 · AI score 5.6 · EPSS 0.00491
Exploits: 1 · References: 1
Positive Technologies
added 2024/03/25 12:0 a.m. · 6 views

PT-2024-23238 · Anope +3

Name of the Vulnerable Software and Affected Versions: Anope versions prior to 2.0.15 Description: The issue allows resetting the password of a suspended account. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where th...

CVSS 5.3 · AI score 7 · EPSS 0.00491
Exploits: 1 · References: 17
Microsoft CVE
added 2023/07/11 7:0 a.m. · 20 views

Guidance on Microsoft Signed Drivers Being Used Maliciously

Executive Summary: Microsoft was recently informed that drivers certified by Microsoft’s Windows Hardware Developer Program (MWHDP) were being used maliciously in post-exploitation activity. In these attacks, the attacker gained administrative privileges on compromised systems before using the...

AI score 7.1
Exploits: 0
SUSE CVE
added 2023/02/15 4:34 a.m. · 4 views

SUSE CVE-2018-1082

A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site...

CVSS 8.1 · AI score 7.8 · EPSS 0.02135
Exploits: 0 · References: 3
ThreatPost
added 2021/10/18 4:23 p.m. · 55 views

Twitter Suspends Accounts Used to Snare Security Researchers

Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January an...

CVSS 7.8 · AI score 8.1 · EPSS 0.39653
Exploits: 0 · References: 19
Wired Threat Level
added 2020/06/18 12:44 a.m. · 18 views

Bot Mafias Have Wreaked Havoc in 'World of Warcraft Classic'

Blizzard has suspended or closed over 74,000 accounts in the last month, as bots have upended the game's economy...

AI score 2.1
Exploits: 0
The Hacker News
added 2020/02/04 10:43 a.m. · 7 views

Hackers Exploited Twitter Bug to Find Linked Phone Numbers of Users

Twitter today issued a warning revealing that attackers abused a legitimate functionality on its platform to unauthorizedly determine phone numbers associated with millions of its users' accounts. According to Twitter, the vulnerability resided in one of the APIs that has been designed to make it...

AI score 5.7
Exploits: 0
OSV
added 2019/08/02 5:15 p.m. · 3 views

CVE-2017-18443

cPanel before 64.0.21 allows demo and suspended accounts to use SSH port forwarding SEC-247...

CVSS 5.8 · AI score 5.8
Exploits: 0 · References: 2